
SoylentNews is people

posted by takyon on Wednesday September 19 2018, @10:15PM
from the rotten-egg dept.

Newegg has been hacked (archive). If you bought anything on Newegg.com between August 13th and September 18th, get a new credit card:

Newegg is investigating a data breach that may have compromised credit card details and other information about its customers, though the full extent of the damage is not yet known.

"Yesterday, we learned one of our servers had been injected with malware which may have allowed some of your information to be acquired or accessed by a third party," Newegg CEO Danny Lee states in an email being sent out to potentially affected customers. "The malware was quite sophisticated and we are conducting extensive research to determine exactly what information may have been acquired or accessed and how many customers may have been impacted."

[...] Researchers from RiskIQ and Volexity say the attackers installed credit card skimming malware onto Newegg's website. They injected the malicious code into Newegg's payment processing page, basically hiding in plain sight for more than a month, the researchers say.

The stolen credit card data was then sent to a drop server on a domain the hackers had registered, initially parked at neweggstats.com. They obtained a security certificate for the site from Comodo so that it appeared legitimate.

takyon: A news search for "Newegg" finds numerous examples of PC Gamer directing its readers to the site for deals (and steals?) during the breach period.

Also at Ars Technica and The Verge.

Previously: Encryption Patent That Roiled Newegg is Dead on Appeal
Newegg Is Being Sued for Allegedly Engaging in Massive Fraud



Related Stories

Encryption Patent That Roiled Newegg is Dead on Appeal 11 comments

Arthur T Knackerbracket has found the following story:

Patent-holding company TQP Development made millions claiming that it owned a breakthrough in Web encryption, even though most encryption experts had never heard of the company until it started a massive campaign of lawsuits. Yesterday, the company's litigation campaign was brought to an end when a panel of appeals judges refused (PDF) to give TQP a second chance to collect on a jury verdict against Newegg.

The TQP patent was invented by Michael Jones, whose company Telequip briefly sold a kind of encrypted modem. The company sold about 30 models before the modem business went bust. Famed patent enforcer Erich Spangenberg bought the TQP patent in 2008 and began filing lawsuits, saying that the Jones patent actually entitled him to royalties on a basic form of SSL Internet encryption. Spangenberg and Jones ultimately made more than $45 million from the patent.

TQP appealed its case, and oral arguments were heard at the US Court of Appeals for the Federal Circuit on February 8. Yesterday, the three-judge panel found in Newegg's favor, issuing a short two-page order that did not explain its reasoning. While TQP could theoretically still appeal to the full Federal Circuit or to the Supreme Court, it's far from clear there's any legal issue in the case that would compel either of those bodies to take the case.

-- submitted from IRC



Newegg Is Being Sued for Allegedly Engaging in Massive Fraud 20 comments

Gizmodo and Digitaltrends are among those reporting that electronics retail website Newegg has been sued by South Korean banks, who say that Newegg and the South Korean hardware company Moneual conspired to defraud the banks of "hundreds of millions of dollars."

The lawsuit, which was filed in U.S. District Court in Los Angeles, claims that Newegg and computer wholesaler ASI Corp. made false orders for home-theater computers from Moneual. The banks claim that Moneual organized the scheme and used the fake orders to obtain funds from the four banks. Newegg and ASI allegedly received a cut of the money in exchange for their cooperation.

[...] The computers that Moneual ordered were allegedly priced at 300 times their actual retail value, which is why the banks believe Newegg and ASI were part of the scam.

"No such business would have [paid] such an inflated price, unless it intended to create the illusion of extensive, profitable, high-value commerce... for the purpose of defrauding lenders into supporting the transactions," the lawsuit alleges.

The four banks are demanding a jury trial and monetary damages. They say that $230 million is still owed from the faulty loans that Moneual obtained.



  • (Score: 2) by RandomFactor on Wednesday September 19 2018, @10:38PM (2 children)

    by RandomFactor (3682) Subscriber Badge on Wednesday September 19 2018, @10:38PM (#737280) Journal

    Had to double check, been a good bit longer since I ordered anything from Newegg so presumably I won't be getting a letter :-)

    I do try to patronize Newegg on significant purchases, just haven't really ordered anything of late.

    --
    В «Правде» нет известий, в «Известиях» нет правды
    • (Score: 0, Informative) by Anonymous Coward on Wednesday September 19 2018, @11:24PM

      by Anonymous Coward on Wednesday September 19 2018, @11:24PM (#737294)

      Use only Genuine™ HTTPS. "Let's Encrypt!" everything for no reason.

    • (Score: 0) by Anonymous Coward on Thursday September 20 2018, @08:56PM

      by Anonymous Coward on Thursday September 20 2018, @08:56PM (#737729)

      I almost bought from newegg when the SSD in my laptop corrupted my root partition due to a bad sector, but the same drive was cheaper WITH 1 day rush delivery on Amazon. They're better on most things though, and still a lot better for searching for stuff. I love getting cheap refurbished HDD's for my NAS, no point paying full price for data I don't really care about in the first place.

  • (Score: 0, Interesting) by Anonymous Coward on Wednesday September 19 2018, @10:52PM (4 children)

    by Anonymous Coward on Wednesday September 19 2018, @10:52PM (#737282)

    now all i can do is huff propane

    • (Score: 1, Funny) by Anonymous Coward on Wednesday September 19 2018, @11:00PM (3 children)

      by Anonymous Coward on Wednesday September 19 2018, @11:00PM (#737284)

      Aww the angry spam troll is pregnant! Congratulations, know the due date? Will any of your worms be finding friendly vaginas or do you think they'll be manchildren forever?

      • (Score: 2) by Azuma Hazuki on Thursday September 20 2018, @02:19AM (1 child)

        by Azuma Hazuki (5086) on Thursday September 20 2018, @02:19AM (#737342) Journal

        With any luck something more like Alien will happen here...

        --
        I am "that girl" your mother warned you about...
        • (Score: 2) by coolgopher on Thursday September 20 2018, @03:19AM

          by coolgopher (1157) on Thursday September 20 2018, @03:19AM (#737368)

          Not having paid attention to the above posts or the headings, I was wondering why someone would get shipped Alienware hardware just because their card got skimmed...

      • (Score: 2) by DeathMonkey on Thursday September 20 2018, @06:57PM

        by DeathMonkey (1380) on Thursday September 20 2018, @06:57PM (#737662) Journal

        Dude must have a remarkably small penis for those worms to damage his brain!

  • (Score: 1, Interesting) by Anonymous Coward on Wednesday September 19 2018, @11:38PM (4 children)

    by Anonymous Coward on Wednesday September 19 2018, @11:38PM (#737298)

    As much as possible, I'll use cash at local stores - thankfully I have nearby Frys and Microcenters

    • (Score: 1, Insightful) by Anonymous Coward on Thursday September 20 2018, @01:28AM (2 children)

      by Anonymous Coward on Thursday September 20 2018, @01:28AM (#737326)

      Lucky you. The only technical store I had was Radio Shaft, and they are gone.

      • (Score: 2) by Apparition on Thursday September 20 2018, @01:35AM (1 child)

        by Apparition (6835) on Thursday September 20 2018, @01:35AM (#737328) Journal

        Same. There's one Micro Center in the general vicinity, but it's about an hour and fifteen minute drive each way. Considering I don't drive and would have to use Lyft or take a taxi each way, it just isn't worth it.

        • (Score: 2) by Spamalope on Thursday September 20 2018, @02:37PM

          by Spamalope (5233) on Thursday September 20 2018, @02:37PM (#737511) Homepage

          And the local Frys started the 'reasonable prices only through the loyalty card system' and 'your bank card can only be used as a debit card' bs I haven't looked back. The shelves were half empty and it didn't look like it'd been cleaned properly in a year the last time I went. It's a shame, it was nice at first.

    • (Score: 2) by Walzmyn on Friday September 21 2018, @11:04AM

      by Walzmyn (987) on Friday September 21 2018, @11:04AM (#738044)

      You can find anything at Fry's?

      I've been in there several times thinking, "Oh, yeah, what I need is right up their alley...". Nope.

      They're the almost store.

  • (Score: 0) by Anonymous Coward on Thursday September 20 2018, @12:41AM

    by Anonymous Coward on Thursday September 20 2018, @12:41AM (#737316)

    not just malware but typ0s too

  • (Score: 5, Interesting) by DarkMorph on Thursday September 20 2018, @02:40AM (1 child)

    by DarkMorph (674) on Thursday September 20 2018, @02:40AM (#737353)
    Here's an idea. Host all the JS on the domain (in other words, eliminate the risk of contaminated 3rd party content from loading and running) and enable the Content-Security-Policy header [mozilla.org] to ban any inline JS or 3rd party domain references to JS assets. Even without any other XSS mitigation techniques, these two design choices should make it extremely hard if not impossible outright to conduct such an attack.

    If that plan has a hole in it, do correct me. Interested ears are listening.

    By the way, the same code was used against British Airways just recently before this.
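
Added example (not part of the comment above, and not code from Newegg or the researchers): a simplified Content-Security-Policy checker in JavaScript showing what a `script-src 'self'` policy blocks on a checkout page and what it leaves open. It goes beyond `script-src` to the directives that govern where page data may be sent; `shop.example`, `drop.example` and `/checkout.js` are constructed placeholders.

```javascript
// Added example: simplified CSP evaluation. Handles only 'self', 'none',
// 'unsafe-inline', '*' and exact origins (assumption; no nonces, hashes, wildcards).
const FALLS_BACK = new Set(['script-src', 'connect-src', 'img-src']);
const PAGE = 'https://shop.example';   // constructed first-party origin
const DROP = 'https://drop.example/';  // constructed stand-in for a drop server
const SCRIPT_ONLY = "script-src 'self'";
const HARDENED = "default-src 'self'; form-action 'self'";

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources); // first directive wins
  }
  return policy;
}

// form-action does not inherit from default-src; the fetch directives do.
function sourcesFor(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (FALLS_BACK.has(directive) && policy.has('default-src')) return policy.get('default-src');
  return null; // directive absent: unrestricted
}

function allows(policy, directive, target) {
  const sources = sourcesFor(policy, directive);
  if (sources === null) return true;
  if (target === 'inline') return sources.includes("'unsafe-inline'");
  const origin = new URL(target).origin;
  return sources.some((s) => s === '*' || (s === "'self'" && origin === PAGE) || s === origin);
}

function audit(header) {
  const p = parseCsp(header);
  return {
    inlineScript: allows(p, 'script-src', 'inline'),
    thirdPartyScript: allows(p, 'script-src', DROP),
    firstPartyScript: allows(p, 'script-src', PAGE + '/checkout.js'),
    xhrToDrop: allows(p, 'connect-src', DROP),
    formPostToDrop: allows(p, 'form-action', DROP),
    imgBeaconToDrop: allows(p, 'img-src', DROP),
  };
}

console.log(audit(SCRIPT_ONLY), audit(HARDENED));
```

Under `script-src 'self'` alone, a script file altered on the first-party server still loads and the three send paths stay open; the second policy closes them, but only because `form-action` is set explicitly.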
  • (Score: 2, Interesting) by Anonymous Coward on Thursday September 20 2018, @02:36PM (1 child)

    by Anonymous Coward on Thursday September 20 2018, @02:36PM (#737510)

    This is why I always either use something like PayPal, Google Pay, Visa Check or similar when given the option, and when not given such an option I use Privacy virtual cards. Privacy gives you virtual debit card numbers so that you can use unique numbers for each online retailer, so if a site gets hacked close the one compromised virtual card and open a new one without needing to change your card number on dozens of other sites. It even allows for single use "burner" cards that close after one use for those less trusted sites. This, plus the ability to add spending limits on each card will either prevent or greatly reduce the possibility of any funds being taken by a hacker who skims the number. I use a different card for every site, and then burner cards for anything which I trust less. So far I've already blocked one unauthorized charge by setting a strict spending limit on one card (although this was from a shitty extra charge caused by the retailer rather than a hack, but it proves the feature works).

    Shameless referral links:
    https://privacy.com/join/JWVHW [privacy.com] (to join Privacy)
    https://cashback.privacy.com/sJS2wEHpZ [privacy.com] (to join the "lifetime cashback" queue for 1-5% cashback)

    • (Score: 0) by Anonymous Coward on Thursday September 20 2018, @02:40PM

      by Anonymous Coward on Thursday September 20 2018, @02:40PM (#737512)

      Forgot to mention if you use the first link you get a $5 credit for free.

  • (Score: 3, Interesting) by cmdrklarg on Thursday September 20 2018, @03:55PM (1 child)

    by cmdrklarg (5048) Subscriber Badge on Thursday September 20 2018, @03:55PM (#737553)

    Just bought some stuff there during the danger period. No evidence of any unauthorized use of my card, but a new one is on order regardless. I read speculation that having stored card info (which I did) was actually a guard against this, since this was essentially a keylogger. Only thing they would have grabbed was the 3 digit code if that's the case.

    Guess I'll have to start utilizing the single use numbers now. Can't have things nice and easy because assholes have to lie, cheat, and steal.

    --
    The world is full of kings and queens who blind your eyes and steal your dreams.
    • (Score: 0) by Anonymous Coward on Friday September 21 2018, @12:42AM

      by Anonymous Coward on Friday September 21 2018, @12:42AM (#737898)

      "Guess I'll have to start utilizing the single use numbers now"

      See my post a couple of posts above about this. It makes this super easy.

  • (Score: 1) by darkpixel on Thursday September 20 2018, @04:14PM (1 child)

    by darkpixel (4281) on Thursday September 20 2018, @04:14PM (#737564)
    I usually buy and build a new computer every 5-8 years or so.
    I spend about $4k on a new build, so it lasts a long time.
    I bought my last computer about 7.5 years ago and it was starting to show its age.

    Guess who picked the wrong week to buy a computer from Newegg? This guy.
    • (Score: 4, Informative) by takyon on Thursday September 20 2018, @05:06PM

      by takyon (881) <takyonNO@SPAMsoylentnews.org> on Thursday September 20 2018, @05:06PM (#737596) Journal

      https://pcpartpicker.com [pcpartpicker.com]

      The site gives you (supposedly) the best prices on each component.

      You can make a build and see which instances Newegg has the best price. Then you can blacklist Newegg and see how much more money you would have to spend from other vendors.

      If the price goes up significantly (due to missing $30 rebates or whatever), you can switch out parts for similar but lower priced parts. Maybe Newegg had the cheap 8 GB Kingston RAM stick you wanted, which shot up $20 once you take out Newegg, but an 8 GB Micron stick is only a couple of dollars more from Amazon.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]